User login control ·················································································································································· 80
Logging ··································································································································································· 80
FIPS compliance ····························································································································································· 81
Enabling password control ··········································································································································· 81
Managing public keys ··············································································································································· 89
Overview ········································································································································································· 89
FIPS compliance ····························································································································································· 89
Creating a local key pair ·············································································································································· 90
Configuration guidelines ······································································································································ 90
Configuration procedure ······································································································································ 90
Displaying a host public key ································································································································ 92
Destroying a local key pair ··········································································································································· 92
Configuring a peer public key ······································································································································ 93
Entering a peer public key ··································································································································· 93
Configuring PKI ·························································································································································· 99
Overview ········································································································································································· 99
PKI terminology ······················································································································································ 99
PKI architecture ···················································································································································· 100
PKI operation ······················································································································································· 101
PKI applications ··················································································································································· 101
Support for MPLS L3VPN ···································································································································· 101
FIPS compliance ··························································································································································· 102
PKI configuration task list ············································································································································ 102
Configuring a PKI entity ·············································································································································· 102
Configuring a PKI domain ··········································································································································· 103
Requesting a certificate ··············································································································································· 105
Aborting a certificate request ····································································································································· 108
Obtaining certificates ·················································································································································· 108
Configuration prerequisites ································································································································ 108
Configuration guidelines ···································································································································· 108
Configuration procedure ···································································································································· 109
Verifying PKI certificates ·············································································································································· 109
iii